CVE-2019-4425IBM Business Automation Workflow vulnerability

3 documents3 sources
Severity
5.7MEDIUMNVD
EPSS
0.3%
top 50.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Business Automation WorkflowIBM Business Process Manager
Timeline
PublishedAug 20
Latest updateMay 24

Description

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages3 packages

NVDibm/business_automation_workflow18.0.0.019.0.0.2
CVEListV5ibm/business_automation_workflow18.0.0.0, 18.0.0.1, 18.0.0.2+2
NVDibm/business_process_manager8.0.0.08.0.1.3+5

🔴Vulnerability Details

2
GHSA
GHSA-q78f-m77g-r2gf: IBM Business Automation Workflow 182022-05-24
CVEList
CVE-2019-4425: IBM Business Automation Workflow 182019-08-20
CVE-2019-4425 — IBM vulnerability | cvebase